Vulnerabilities > Pfsense
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-26 | CVE-2022-23993 | Cross-site Scripting vulnerability in Pfsense and Pfsense Plus /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | 6.1 |
2021-06-01 | CVE-2020-26693 | Cross-site Scripting vulnerability in Pfsense 2.4.5 A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. | 5.4 |
2021-04-28 | CVE-2021-27933 | Cross-site Scripting vulnerability in Pfsense 2.5.0 pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. | 6.1 |
2019-11-02 | CVE-2019-18667 | Cross-site Scripting vulnerability in Pfsense Pfsense-Pkg-Freeradius3 /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser. | 6.1 |
2018-01-22 | CVE-2016-10709 | OS Command Injection vulnerability in Pfsense 2.2.6 pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 8.8 |